Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 767
  • Last Modified:

NTFS permission

We failed on backup job due to many Access Denied files.
Because there are many folders/files, it is impossible to add it one by one manually.
How can we add domain admins group to all folders/files with out affect existing NTFS security permissions?
We are using 2003R2 server in AD environment.
Thank you.
0
dickchan
Asked:
dickchan
5 Solutions
 
wolfcamelCommented:
sounds like you may need to revisit the entire structure of your security and inheritance etc.

If you add the admin at the root you still wont have access to folders where the admin has been removed, and inheritance turned off.

0
 
SysExpertCommented:
Backup Admin should always have access to everything, and  you need to make sure it is set that way.

CACLS and similar may be helpful.
test carefully before implementing.

I hope this helps !
0
 
avisharCommented:
Use "modacl" , using this utility you can apply/remove permission of a group recursively or otherwise on a folder without affecting the existing permission.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
avisharCommented:
If you decide to use modacl then download SuperCACLs 3.0 from Trusted Systems Services..
0
 
majidhajaliCommented:
Users of Backup Operators group have access to all files and folders whether they have NTFS permission on that folder/file or not. I suggest you create a user and put that user in Backup Operators group and run the backup tasks with delegation of that user.
0
 
ashaw2009Commented:
Firstly check what account you are using to run the backup job, then add that account to the local servers backup operators group:
Start > Run > compmgmt.msc > System Tools > Local Users and Groups > backup operators

Second check your VSS writers are stable.
Start >run> CMD > Vssadmin List Writers
Each writer should come back as Stable and No errors. If the writers are in a failed state you may need to restart the server or take further action.

Third check the Volume shadow copy service is set to start Manually and the logon account is the system account:

Start >run>services.msc>Volume Shadow Copy service
0
 
Krzysztof PytkoActive Directory EngineerCommented:
I would recommend SubInACL from Microsoft. It is easy in use and very powerful. You can download it at
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now